Thanks Naveen Sir for explaining the Password Masking.
@mohamedsulaimaansheriff97875 сағат бұрын
Usually secrets should be from pipeline run it should not be hard-coded in code
@technicalthings37415 сағат бұрын
@@mohamedsulaimaansheriff9787 how.can you explain in detail
@naveenautomationlabs4 сағат бұрын
@@technicalthings3741 In CI/CD Pipelines: Jenkins: Use Jenkins Credentials Manager GitHub Actions: Use GitHub Secrets GitLab CI: Use GitLab CI/CD Variables Azure DevOps: Use Variable Groups/Library For Local Development: Environment Variables Local .env files (added to .gitignore) Local secure credential stores
@namaratasharma54175 сағат бұрын
Let's say we store key as well encrypted password in properties file, but that can again be easily decrypted by anyone ..right?
@technicalthings37415 сағат бұрын
You are correct. I was also thinking the same 😅
@naveenautomationlabs5 сағат бұрын
you can store secret key as environment variables or key manager on the test execution machine or on you local machine. No need to expose it in your prop file. Best approach is always to maintain keys and password/tokens as environment variables.
@geethami11865 сағат бұрын
True sir, but it’s very easy to decrypt and see the password as method is available.How can we hide decryption logic?
@naveenautomationlabs4 сағат бұрын
I'll say yes its possible. Hence performing the encryption or decryption in test automation for app passwords, is not a perfect approach. But these are lower environment passwords not for the PROD. Always maintain the token and secrets in the secret key on your test automation machine or part of CI CD pipeline. In CI/CD Pipelines: Jenkins: Use Jenkins Credentials Manager GitHub Actions: Use GitHub Secrets GitLab CI: Use GitLab CI/CD Variables Azure DevOps: Use Variable Groups/Library For Local Development: Environment Variables Local .env files (added to .gitignore) Local secure credential stores
@geethami11864 сағат бұрын
@ thanks so much sir for your quick response. You are amazing⭐️
@vinuthreddy42382 сағат бұрын
Hi naveen sir I have created hybrid framework with page object model pattern with pytest and bdd framework with page object model.I request to look at both framework tell me that i am in a proper direction.I will share github links for both the projects. tell me that is both projects are per current industry ? Can you please share your mail id?
@technicalthings37415 сағат бұрын
Anyone can decrypted password from properties file
@naveenautomationlabs4 сағат бұрын
you can store secret key as environment variables or key manager on the test execution machine or on you local machine. No need to expose it in your code. Without secret key, one can never decrypt the password.